XC
Scribe

Privacy Policy

Last updated: February 22, 2026

1. Data Controller

The data controller responsible for your personal data is THE XTRACODE DOO BEOGRAD - ZVEZDARA, Jovanke Radakovic 88, 11000 Belgrade, Serbia, PIB: 111706611.

Contact: info@thextracode.com

2. Data We Collect

We collect the following categories of personal data:

  • Account information: Name, email address, company name, billing address, and phone number provided during registration or account settings.
  • Authentication data: Hashed passwords, two-factor authentication tokens.
  • Usage data: Records of content generation requests, token consumption, feature usage, and access logs.
  • Product data: Product information you upload or import from connected stores (titles, descriptions, images, SKUs, categories). This data belongs to you and is processed solely to provide the Service.
  • Payment data: Processed by Paddle.com Market Ltd as Merchant of Record. We do not store credit card numbers or bank account details.
  • Technical data: IP address, browser type, device information, and cookies necessary for the Service to function.

3. How We Use Your Data

We process your personal data for the following purposes:

  • Providing, maintaining, and improving the Service
  • Processing subscriptions and token transactions
  • Sending transactional emails (account verification, password resets, billing notifications)
  • Monitoring usage for billing and capacity planning
  • Ensuring security and preventing fraud
  • Complying with legal obligations

We do not sell or rent your personal data. With your consent, we use analytics and marketing tools to improve our service and measure advertising effectiveness.

4. Legal Basis for Processing

We process your personal data based on:

  • Contract performance: Processing necessary to provide the Service you subscribed to.
  • Legitimate interest: Improving our Service, ensuring security, and preventing abuse.
  • Legal obligation: Retaining billing records as required by applicable law.
  • Consent: Where required, such as for optional marketing communications.

5. Data Sharing

We share personal data only with:

  • Paddle.com Market Ltd: Payment processing and billing (Merchant of Record).
  • Amazon Web Services (AWS): Cloud infrastructure and hosting (data processing agreement in place).
  • AI providers: Product data is sent to AI model providers (Anthropic, OpenAI, Google, DeepSeek) for content generation. Only the product data necessary for generation is transmitted; no personal account data is shared.
  • Email service: Amazon SES for transactional emails.
  • Customer support: We use a self-hosted support system to provide live chat and email support. Your name and email address are shared with the support platform to identify you during conversations. All support data is stored on our own infrastructure.
  • Google LLC: Google Analytics for website usage analytics and Google Ads for conversion tracking. Data may be transferred to the US under Google's data processing terms.
  • Meta Platforms, Inc.: Meta Pixel for advertising measurement. Data may be transferred to the US under Meta's data processing terms.

We do not sell, rent, or trade your personal data to third parties.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. After account deletion, we retain billing records for the period required by applicable tax laws (typically 5 years). Usage logs are retained for up to 12 months. Product data is deleted within 30 days of account deletion.

7. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS) and at rest
  • Hashed and salted password storage
  • Two-factor authentication support
  • Regular security reviews and access controls
  • Database backups with encryption

8. International Data Transfers

Your data may be processed in the European Union (AWS eu-central-1 region) and, for AI content generation, by providers located in the United States. Where data is transferred outside the EU/EEA, we rely on appropriate safeguards including standard contractual clauses and the data processing agreements of our service providers.

9. Your Rights

Under applicable data protection laws (including the Serbian Law on Personal Data Protection and, where applicable, the EU General Data Protection Regulation), you have the right to:

  • Access: Request a copy of your personal data.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data.
  • Restriction: Request restriction of processing in certain circumstances.
  • Portability: Receive your data in a structured, commonly used format.
  • Objection: Object to processing based on legitimate interest.
  • Withdrawal of consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at info@thextracode.com. We will respond within 30 days.

10. Cookies

The Service uses cookies and similar technologies. We categorize them as follows:

Strictly Necessary Cookies: Required for authentication, session management, UI preferences (theme, language), and payment processing (Paddle). These cannot be disabled as the Service cannot function without them.

Analytics & Marketing Cookies (consent required): With your consent, we use Google Analytics (_ga, _gid) to understand how our Service is used, Google Ads (_gcl_*) for conversion tracking, and Meta Pixel (_fbp) for advertising measurement. These cookies are only set after you give consent via the cookie banner.

You can manage your cookie preferences at any time via the "Cookie Settings" link in the page footer. Withdrawing consent will remove analytics and marketing cookies and stop further data collection by these tools.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "Last updated" date at the top of this page indicates when the policy was last revised.

12. Contact

For questions or concerns about this Privacy Policy or our data practices, contact us at:

THE XTRACODE DOO BEOGRAD - ZVEZDARA
Jovanke Radakovic 88, 11000 Belgrade, Serbia
Email: info@thextracode.com